| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 28 Oct 2022 17:50:04 -0400
From: Mathieu Desnoyers <mathieu.desnoyers@...icios.com>
To: Beau Belgrave <beaub@...ux.microsoft.com>, rostedt@...dmis.org,
mhiramat@...nel.org, dcook@...ux.microsoft.com,
alanau@...ux.microsoft.com
Cc: linux-trace-devel@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [RFC PATCH 0/2] tracing/user_events: Remote write ABI
On 2022-10-27 18:40, Beau Belgrave wrote:
> As part of the discussions for user_events aligned with user space
> tracers, it was determined that user programs should register a 32-bit
> value to set or clear a bit when an event becomes enabled. Currently a
> shared page is being used that requires mmap().
>
> In this new model during the event registration from user programs 2 new
> values are specified. The first is the address to update when the event
> is either enabled or disabled. The second is the bit to set/clear to
> reflect the event being enabled. This allows for a local 32-bit value in
> user programs to support both kernel and user tracers. As an example,
> setting bit 31 for kernel tracers when the event becomes enabled allows
> for user tracers to use the other bits for ref counts or other flags.
> The kernel side updates the bit atomically, user programs need to also
> update these values atomically.
Nice!
>
> User provided addresses must be aligned on a 32-bit boundary, this
> allows for single page checking and prevents odd behaviors such as a
> 32-bit value straddling 2 pages instead of a single page.
>
> When page faults are encountered they are done asyncly via a workqueue.
> If the page faults back in, the write update is attempted again. If the
> page cannot fault-in, then we log and wait until the next time the event
> is enabled/disabled. This is to prevent possible infinite loops resulting
> from bad user processes unmapping or changing protection values after
> registering the address.
I'll have a close look at this workqueue page fault scheme, probably
next week.
>
> NOTE:
> User programs that wish to have the enable bit shared across forks
> either need to use a MAP_SHARED allocated address or register a new
> address and file descriptor. If MAP_SHARED cannot be used or new
> registrations cannot be done, then it's allowable to use MAP_PRIVATE
> as long as the forked children never update the page themselves. Once
> the page has been updated, the page from the parent will be copied over
> to the child. This new copy-on-write page will not receive updates from
> the kernel until another registration has been performed with this new
> address.
This seems rather odd. I would expect that if a parent process registers
some instrumentation using private mappings for enabled state through
the user events ioctl, and then forks, the child process would
seamlessly be traced by the user events ABI while being able to also
change the enabled state from the userspace tracer libraries (which
would trigger COW). Requiring the child to re-register to user events is
rather odd.
What is preventing us from tracing the child without re-registration in
this scenario ?
Thanks,
Mathieu
>
> Beau Belgrave (2):
> tracing/user_events: Use remote writes for event enablement
> tracing/user_events: Fixup enable faults asyncly
>
> include/linux/user_events.h | 10 +-
> kernel/trace/trace_events_user.c | 396 ++++++++++++++++++++-----------
> 2 files changed, 270 insertions(+), 136 deletions(-)
>
>
> base-commit: 23758867219c8d84c8363316e6dd2f9fd7ae3049
--
Mathieu Desnoyers
EfficiOS Inc.
https://www.efficios.com
Powered by blists - more mailing lists